Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 2269. (Read 26634224 times)

That's not a source to what you're claiming. This is speculating that in the future quantum computers could crack private keys, this is also nothing new.


So quantum computers could, theoretically, crack private keys in the near future. You said they can, but there is no evidence of this, only theory.


You're also confusing the two vulnerabilities here, considerably.

One is based on nonce reuse, that out of 424m public addresses, only managed to crack 773 addresses (less than 0.0002% of all addresses).  The idea with quantum computers has nothing to do with nonce reuse, but brute forcing SHA256 private keys (as far as I understand). If successful, that would theoretically mean 100% of addresses are at risk, as opposed to 0.0002%, and a soft fork would be needed.

So to say quantum computing isn't needed anymore to crack a private keys, is clearly complete nonsense. The point with the 773 addresses hacked is that the damage has more or less already been done (mostly years ago), with the exception of maybe around 50 addresses per year getting hacked, from people not using secure software or safe practices predominantly.

So for example, all wallets with unspent outputs - or even just 1 output, as referenced attack requires 2+ outputs minimum, but realistically 4+ - currently have no vulnerabilities.

https://punchbowl.news/archive/3723-punchbowl-news-am/

you can view the full draft law here:
https://punchbowl.news/wp-content/uploads/MCHENR_KIA.pdf

Ouch.

https://www.tomshardware.com/news/quantum-computer-development-could-put-bitcoin-security-at-risk-by-the-2030s

Another day, another drop.
Still below 2017 high when we consider inflation.

All is hunky dory with the economy apparently. Nothing to worry about. House prices are in fact up according to the lamestream UK media. (Thought there was 10% inflation? No mention of that, why would there be)

But sure, I'm the one being negative.

ThInGs ArE aBsOlUtElY fInE.

Explanation

 Would someone be able to explain this to me like I'm Alice or Bob?  ELIAB for short.

Cryptography = OK!
Crypto = batslap for Jay!

Randomness generated from a computer... something so simple to us humans, remains such a complex task for computers. That was a rabbit hole I went down for a few hours as well.

Explanation

For a total layman like me it seems to boil down to the old "Every cryptographic algo is only as good as the RNG feeding random numbers into it".
One of the of (very few) takeaways I learned from Bruce's Applied Cryptography is:
1. Good randomness is key <- pardon the pun! (I think that's one of the ways the NSA subverted Crypto AGs cipher machines by making the RNG less random than customers expected and later they just went with broadcasting the private key along the ciphertext)
2. If you have a true random key that is equally long or longer than the data to encrypt, XOR is perfectly safe encryption (I am still astonished by that fact)

In the past the TLAs (and FLAs for the britons) employed brigades of ladies that ran bingo drums the whole day to create one time pads. It is said they only employed women because men were generally unable to follow the procedure correctly all day long and started to make up numbers from their head or whatever, while the ladies produced high quality OTPs.

So, when our ladies for once behave totally random and unexpected, that's a feature in them, not a bug.
^Couldn't resist, sorry gals. It is depressing and embarassing enough that men are apparently unable to operate a bingo drum reliably for more than a few minutes.

Edited to add: Apologies for the repeated use of the banned c-word, I was assuming it might be safe in this context (*ducks to evade the mandatory incoming batslap*)

Indeed. For anyone who wants to read up on this:

2014: https://bitcointalksearch.org/topic/reused-r-values-again-581411
2016: https://bitcointalksearch.org/topic/more-signatures-with-repeated-nonces-1431060

Definitely nothing new, just a research team providing further info.

It definitely is scary when you read the heading... But dive a little deeper and you realize it is an issue that has been discussed before.

Hence, most, and i hope most, bitcoin wallets are programmed to use different/random nonces with each signing, therefore eliminating the novel attack.

I've been studying/readying and trying to understand ECDSA (still learning, especially the mathematics) and Public/Private Key and how it all works... then you would really appreciate, that with proper implementation, ECDSA is secure.

I recommend everyone to at least understand the difference between Symmetric Encryption vs Asymmetric Encryption, if you don't already know it...

Interesting read. I'd say vroom is not correct here, exposing your public key does not mean quantum computers can crack private key. At least that's not what the article is about.

(Please provide source if this is the case).

vapourminer is closer to the truth here, but it's not just about exposing your public key. Exposing pub key with 1 signature isn't the risk described, based on trying to find a common demoninator to private key. The risk is about exposing pub key is related to nonces, in this case, nonce reuse. Because then determining the private key, based on two different signatures with same nonce, becomes a lot more straight forward.


Notably, they weren't able to hack any wallets with different nonces, or addresses that used a single nonce (they didn't even try) but this is somewhat besides the point based on the "mishap" of ECDSA implementations which creates this vulnerability of repeated nonce use. Somebody can no doubt explain it better and more accurately than me, but after reading the article in full, I get the jist of it.

Ultimately, this isn't really information that we didn't already know - hence it's always been recommended to use different addresses due to possibility of "reverse engineering" signatures (ie those with the common variable of nonces, when those variables become a constant due to implementation error). Even the first implementation of Bitcoin in 2019 protected against this with the use of change addresses it's worth noting.

It's only newer implementations that have encouraged (or forced) address reuse that becomes the problem here, combined with nonce reuse.

Explanation

i know that as long as no public key is exposed nothing, not even quantum stuff, can get it. but once the public key is known (watch for them in the mempool) its a race as to whether the attacker can crack your private key and take over that tx (rbf), before it gets mined into the blockchain.

thats my basic understanding. feel free to correct me.

I knew, that quantum computers can crack the private key, if the public key is known. With this attack they don't need quantum computers anymore.

doesnt that say what we already know? reusing addresses Bad because public key exposed etc. so what? always use new address. isnt that basically considered best practice already?

Explanation

Explanation

scary shit!

Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears

https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/